Dear folks, I'm looking for pointers how to implement a suitable backup strategy für DNSSEC signing keys.
We've designed a secure key store called SmartCard-HSM that implements secure generation, storage and use of asymmetric keys in a CC evaluated smart card (see flyer at [1]). In a next step we want to support key replication among a cluster of SmartCard-HSMs in order to implement load balancing and key backup. We have a draft concept for it, but would like to cross-check with actual user requirements in the DNSSEC area. Any hints are highly appreciated. Kind regards, Andreas [1] http://www.cardcontact.de/products/SmartCard-HSM_V1.0.pdf -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 171 8334920 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
